I have installed tomcat server and I forgot my username/passoword. I have edited my tomcat-user.xml file like this:
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="admin" roles="admin,manager"/>
Now my tomcat-manager working fine.
Two questions:
If anybody knew my previous password, will they be able to access my tomcat-manager?
Once I added the tomcat username and password, will it affect immediately or do I have to restart?
Answering to your question below.
1) Well, It depends on the domain you both are and the server where you locate your tomcat. (If you setup your tomcat in a public server and its password is known by many people, you are in trouble).
Better to reset the password to be in a safer side.
2) You must stop the tomcat instance, reset your password and The server must be restarted before changes to configuration settings will take effect.
Related
I use VPS server with Debian8 and installed Tomcat8.0.45, Java8, MySQL. I use command line through PuTTY.
I started tomcat and in web browser I could see "If you're seeing this, you've successfully installed Tomcat. Congratulations!" which means everything is fine. Then I tried to check status of the server or in other words when I tried to access http://ip_adress:8080/manager then popud up prompt window and required login and password.
I already uncommented user-roles in tomcat-users.xml file and added this:
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="password" roles="manager,tomcat,manager-gui,admin-gui,manager-script,manager-jmx,manager-status"/>
Then I restarted tomcat server and typed login and password but still I am asked for login and password. Whatever I type in each time pops up loging window and I cannot access server status site.
Does anyone can help me?
I resolved the problem. Instead of use command: systemctl stop tomcat which seems to not stopping server, I used ./shutdown.sh.
We have implemented APNS connectivity using notnoop. We have been testing it for last 5 months on development and UAT environment and other environment. Things were working as expected but post deployment to production environment we are having tough time getting it work, GCM is working fine it is only APNS were we have tough time.
Initially there was connectivity issue from firewall which we have got opened to connect to gateway.push.apple.com on 2195 as earlier system was throwing connection timeout.
Now system is throwing No Trusted Certificate found I have described below the detail steps we have already taken to debug this.
Please note this is happening only when i deploy it on production that too when it is run inside Tomcat 8.0. We did small POC to test if it can work outside tomcat and it is working properly using same certificate from same absolute path.
We did try after changing the implementation to use absolute path of certificate as shown below
APNS.newService().withCert(PRODcertificatePath, PRODcertificatePassword)
The program is configured to use .withProductionDestination() if it is using production certificate and vice versa so this issue is also taken care.
Then we also tried using ClassLoader InputStream iss = ClassLoader.getSystemResourceAsStream("Axis-APNS.p12")
Yes we do have JKS file on production whose detail is configured in server.xml something like below
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" sslProtocol="TLS" keystoreFile="/root/cert"
Now we are out of idea to debug and find the root cause, Any suggestion, question is most welcome.
As a matter of workaround, i have redesign my system. Instead of running from inside tomcat, Have made it as standalone application using Quartz batch job and system is running properly. Once i get time to find out why tomcat is not able to pick correct certificate, will upate you guys on it. Thank you very much for your time... email me if you need anymore help on above matter. Thanks, Amarjeet
I'm facing a difficult setup where I have to configure single sign on, based on the logged in used on my tomcat application.
I already took some steps which allow me to login via single sign on directly on my tomcat application by using waffle.
I have 1 server where I have a tomcat running and a IIS running (but this IIS will move to another server in the same domain in the future).
I have the Tomcat running on port 8205 and the IIS configure to accept url's from authpoc.company.com. IIS does a redirect to localhost:8025 via URL Rewrite.
My web.xml from IIS
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8205/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
What works
When opening the application directly on localhost:8205 on the server. I get a nice single sign on based on my domain user.
When opening the application directly on the ip of the server. 192.168.1.1:8205. I can log in but single sign on does not work anymore. This I don't understand. (edit: solved, this is a setting in Internet explorer, see SSO waffle asking username and password for more information)
What doesn't work
When redirecting from IIS, I don't get to login into my tomcat application. I have windows authentication enabled, with Negotiate and NTML enabled (in this sequence).
I read a lot on the internet but I can't find anyone with this particular setup. I don't really have the impression I'm doing something exotic.
One possiblity is that I should connect IIS via AJP instead of a much simpeler URL rewrite.
any help is welcome! Thanks
I got an answer on the google groups saying this is not possible because of the reverse proxy counting as a hop.
https://groups.google.com/forum/#!topic/waffle-users/VCaawJMD0Mw
I'm going to try another approach
I'm trying to monitor my WLP v8.5.5 with JConsole.
My Liberty profile is up and running and has SSL properlly configured.
I also have configured as features the monitor-1.0 and restConnector-1.0.
After that I sftp'ed from my WLP the restConnector.jar to my machine and created a keystore on my machine as described here
After that I'm trying to start JConsole with this command:
jconsole -J-Djava.class.path="C:\Program Files\Java\jdk1.7.0_67\lib\jconsole.jar;
C:\Program Files\Java\jdk1.7.0_67\lib\tools.jar;
<whereIDownloaded>\restConnector.jar"
-J-Djavax.net.ssl.keyStore="<locationToCreated>\keystore.jks"
-J-Djavax.net.ssl.keyStorePassword=<password>
-J-Djavax.net.ssl.keyStoreType=jks
-J-Dcom.ibm.ws.jmx.connector.client.disableURLHostnameVerification=true
However, when I try to connect to my WLP via remote with the string:
service:jmx:rest://<ip>:<httpsPort>/IBMJMXConnectorREST
As a credential I'm passing a user configured on <administrator-role>.
I get a JConsole error saying:
Secure connection failed. Retry insecurely?
I don't get why I'm seeing this error, and I don't see any logs to see why it failed.
My next step if getting the keystore from WLP and try that on my machine but I don't think that makes much sense.
Does anyone have any suggestion on where should I look for logs or on that I'm doing wrong?
Thanks in advance!
Reference:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wlp.nd.doc/ae/twlp_mon.html?cp=SSAW57_8.5.5%2F1-3-11-0-6&lang=en
Ensure you don't have localConnector-1.0 feature. If you have that, please remove it. You can find more details here Remote monitoring of Liberty with Health Center. Although it discusses Health Center connection, I was testing using JConsole also.
UPDATE
You might be invoking console with incorrect params - it should be trustStore not keystore see below. And for start use key.jks copied from Liberty (as you need Liberty certificate as trusted)
jconsole -J-Djava.class.path=%JAVA_HOME%/lib/jconsole.jar;
%JAVA_HOME%/lib/tools.jar;
%WLP_HOME%/clients/restConnector.jar
-J-Djavax.net.ssl.trustStore=key.jks
-J-Djavax.net.ssl.trustStorePassword=Liberty
-J-Djavax.net.ssl.trustStoreType=jks
For details check Configuring secure JMX connection to the Liberty
As an additional note - you must not have a webAppSecurity entry with loginFormURL set in your server.xml as this will cause the JMX login to fail (e.g., <webAppSecurity loginFormURL="login.html"/> is problematic). Each individual WAR needs to set their own login-config and not rely on any global method of configuring logins.
`
first time poster here. I'm setting up a new Tomcat 8 instance and I'm trying to utilize tomcat 8 manager from my build.xml script (via IntelliJ). I'm using the list command to test the connection, but want I really want is stop/start/redeploy/etc. I've tested both manager/text/ and manager/html succesfully.
[Windows 7 box]
Code snippets incoming
tomcat-users.xml:
<role rolename="admin-gui"/>
<role rolename="manager-script" />
<role rolename="manager-gui" />
<user username="script" password="test" roles="admin-gui,manager-script"/>
<user username="manager" password="test" roles="admin-gui,manager-gui"/>
build.xml:
<target name="list"
description="List installed applications on servlet container">
<echo>List Using:(${manager.url}) [${manager.username}|${manager.password}]</echo>
<list url="${manager.url}"
username="${manager.username}"
password="${manager.password}"/>
</target>
Output from 'list' task from IntelliJ:
List Using:(http://localhost:8080/manager/text) [script|test]
Task: list
C:\apps\myapp\build.xml:478: java.net.ConnectException: Connection refused: connect
at org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:269)
...etc
Every tutorial I go to talks about setting up Tomcat-Users.xml or opening port 8443 for the manager, but I haven't seen an answer for what to do if you have confirmed manager is running (it is) but build.xml/ANT seem have trouble getting authorized.
Things to check:
Have you actually confirmed that manager app is deployed to the /manager context? It's only deployed by default on the default host. For other virtual hosts, this is something you must do manually. Try visiting http://localhost:8080/manager with your web browser. Try logging in with the manager-gui user.
Does your tomcat instance run more than one virtual host? If so, it's possible that your ant task is hitting a different virtual host than one you want. Check your $CATALINA_HOME/conf/server.xml file's <Engine> and <Host> elements. Does <Engine> contain just one <Host>? If it contains multiple hosts, whate are the name attributes set to? What is the defaultHost attribute of <Engine> set to?